UNPKG

@collaborne/custom-cloudformation-resources

Version:
134 lines 4.76 kB
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.CloudFrontWafV2RuleGroup = void 0; const aws_sdk_1 = require("aws-sdk"); const custom_resource_1 = require("../custom-resource"); const SCHEMA = { type: 'object', properties: { Name: { type: 'string', }, Description: { type: 'string', }, Capacity: { type: 'number', }, Rules: { type: 'string', }, }, required: ['Name', 'Capacity'], }; const SCOPE = 'CLOUDFRONT'; class CloudFrontWafV2RuleGroup extends custom_resource_1.CustomResource { constructor(logicalResourceId, logger) { super(SCHEMA, logicalResourceId, logger); this.region = 'us-east-1'; // Region must be `us-east-1` for `CloudFront WAF` this.wafV2 = new aws_sdk_1.WAFV2({ region: this.region, }); } async createResource(physicalResourceId, { Name, Description, Capacity, Rules }) { var _a, _b, _c, _d; const rules = JSON.parse(Rules); const ruleGroupParams = { Name, Description, Scope: SCOPE, Capacity, Rules: rules, VisibilityConfig: { SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: 'CommonAttackRuleGroup', }, }; try { const ruleGroup = await this.wafV2 .createRuleGroup(ruleGroupParams) .promise(); if (!ruleGroup || !((_a = ruleGroup.Summary) === null || _a === void 0 ? void 0 : _a.ARN) || !ruleGroup.Summary.Id) { throw new Error('Error creating Rule Group'); } console.debug('Rule Group created successfully:', (_b = ruleGroup.Summary) === null || _b === void 0 ? void 0 : _b.ARN); return { physicalResourceId, attributes: { Arn: (_c = ruleGroup.Summary) === null || _c === void 0 ? void 0 : _c.ARN, Id: (_d = ruleGroup.Summary) === null || _d === void 0 ? void 0 : _d.Id, }, }; } catch (err) { console.error('Error creating Rule Group:', err); throw new Error('Error creating Rule Group'); } } async deleteResource(physicalResourceId, { Name }) { var _a; const ruleGroup = await this.getRuleGroup(Name); if (!ruleGroup.RuleGroup || !ruleGroup.LockToken) { throw new Error(`Rule group is not deletable ${Name}`); } await this.wafV2 .deleteRuleGroup({ Name, Scope: SCOPE, Id: (_a = ruleGroup.RuleGroup) === null || _a === void 0 ? void 0 : _a.Id, LockToken: ruleGroup.LockToken, }) .promise(); return { physicalResourceId, }; } async updateResource(physicalResourceId, { Name, Description, Rules }) { const ruleGroup = await this.getRuleGroup(Name); if (!ruleGroup.RuleGroup || !ruleGroup.LockToken) { throw new Error(`Rule group is not updatable ${Name}`); } const rules = JSON.parse(Rules); const updateRuleGroupParams = { Id: ruleGroup.RuleGroup.Id, Name, Description, Scope: SCOPE, Rules: rules, VisibilityConfig: ruleGroup.RuleGroup.VisibilityConfig, LockToken: ruleGroup.LockToken, }; await this.wafV2.updateRuleGroup(updateRuleGroupParams).promise(); return { physicalResourceId, attributes: { Arn: ruleGroup.RuleGroup.ARN, Id: ruleGroup.RuleGroup.Id, }, }; } async getRuleGroup(name) { const ruleGroups = await this.wafV2 .listRuleGroups({ Scope: SCOPE }) .promise(); if (!ruleGroups.RuleGroups || ruleGroups.RuleGroups.length < 1) { throw new Error(`There is no rule groups in your account with scope ${SCOPE}`); } const ruleGroupSummary = ruleGroups.RuleGroups.find(ruleGroup => ruleGroup.Name === name); if (!ruleGroupSummary) { throw new Error(`Unknown rule group name ${name}`); } const ruleGroup = await this.wafV2 .getRuleGroup({ Name: name, Id: ruleGroupSummary.Id, ARN: ruleGroupSummary.ARN, Scope: SCOPE, }) .promise(); return ruleGroup; } } exports.CloudFrontWafV2RuleGroup = CloudFrontWafV2RuleGroup; //# sourceMappingURL=index.js.map